diff --git a/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java b/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
index c791b14..631f068 100644
--- a/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
+++ b/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
@@ -4,13 +4,13 @@ import org.ros.chatto.security.MyUserDetailsService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -42,22 +42,27 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity.authorizeRequests() + .antMatchers(HttpMethod.POST, "/api/**").permitAll() .antMatchers("/","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll() +// .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll() .antMatchers("/user/**").hasAnyRole("USER", "ADMIN","SUPER_USER") - .antMatchers("/admin/**","/api/**").hasAnyRole("ADMIN","SUPER_USER") + .antMatchers("/admin/**").hasAnyRole("ADMIN","SUPER_USER") .anyRequest() .authenticated() + .and() + .formLogin() // .loginPage("/login").permitAll() .loginProcessingUrl("/perform_login") - .successHandler(authenticationSuccessHandler) +// .successHandler(authenticationSuccessHandler) .failureUrl("/?login_error") .and() .logout().invalidateHttpSession(true) .clearAuthentication(true) .logoutRequestMatcher(new AntPathRequestMatcher("/perform_logout")) - .logoutSuccessUrl("/").permitAll();; + .logoutSuccessUrl("/").permitAll() + .and().cors().and().csrf().disable(); diff --git a/chatto/src/main/java/org/ros/chatto/controller/DemoRestController.java b/chatto/src/main/java/org/ros/chatto/controller/DemoRestController.java index db3c12b..76b315f 100644 --- a/chatto/src/main/java/org/ros/chatto/controller/DemoRestController.java +++ b/chatto/src/main/java/org/ros/chatto/controller/DemoRestController.java 
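Review bot: The added first rule `.antMatchers(HttpMethod.POST, "/api/**").permitAll()` opens every POST under /api to unauthenticated callers, and removing "/api/**" from the ADMIN/SUPER_USER rule leaves the remaining methods guarded only by `anyRequest().authenticated()`, so any logged-in account can now reach what used to be admin-only. The final line `.csrf().disable()` switches CSRF protection off for the whole application, including the session-backed form login and `/perform_logout`, and `.cors()` is enabled with no CORS policy visible in this hunk. If the goal is only to let the chat client post JSON, keep "/api/**" under a role rule such as `.antMatchers("/api/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")` and leave CSRF on with the client sending the token, or at most narrow the exemption with `.csrf().ignoringAntMatchers("/api/**")`. The two commented-out lines (`// .antMatchers(...)` and `// .successHandler(...)`) should be deleted or explained; configure() starts and ends outside the hunk.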
@@ -2,16 +2,22 @@ package org.ros.chatto.controller; import org.ros.chatto.repository.UserRepositoryCustom; import org.ros.chatto.repository.UserRoleRepository; +import org.ros.chatto.repository.MessageCipherRepository; import org.ros.chatto.repository.RoleRepository; import org.ros.chatto.repository.UserRepository; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import java.util.List; import org.ros.chatto.model.ChatUser; +import org.ros.chatto.model.MessageCipher; import org.ros.chatto.model.UserRole; @RestController @@ -26,6 +32,8 @@ public class DemoRestController { RoleRepository roleRepository; @Autowired UserRoleRepository userRoleRepository; + @Autowired + MessageCipherRepository messageCipherRepository; @GetMapping("/users") public List getAllUsers() { 
@@ -47,5 +55,30 @@ public class DemoRestController { { return userRoleRepository.findAll(); } + + @GetMapping("/messages") + public List getAllCiphers() + { + return messageCipherRepository.findAll(); + } + +// @RequestMapping(value = "/", method = RequestMethod.POST) +// public ResponseEntity update(@RequestBody Car car) { +// +// if (car != null) { +// car.setMiles(car.getMiles() + 100); +// } +// +// // TODO: call persistence layer to update +// return new ResponseEntity(car, HttpStatus.OK); +// } + + @PostMapping(value="/post-message", consumes = {"application/json"}) + public ResponseEntity postMessage(@RequestBody MessageCipher messageCipher) + { + System.out.println("Message cipher = " + messageCipher); + messageCipherRepository.save(messageCipher); + return new ResponseEntity(HttpStatus.OK); + } } diff --git a/chatto/src/main/java/org/ros/chatto/model/ChatMessage.java b/chatto/src/main/java/org/ros/chatto/model/ChatMessage.java index 56f695b..82ac76c 100644 --- a/chatto/src/main/java/org/ros/chatto/model/ChatMessage.java +++ b/chatto/src/main/java/org/ros/chatto/model/ChatMessage.java @@ -14,7 +14,6 @@ import javax.persistence.Temporal; import javax.persistence.TemporalType; import lombok.Data; -import net.bytebuddy.asm.Advice.This; @Data @Entity diff --git a/chatto/src/main/java/org/ros/chatto/model/MessageCipher.java b/chatto/src/main/java/org/ros/chatto/model/MessageCipher.java new file mode 100644 index 0000000..6f6162b --- /dev/null +++ b/chatto/src/main/java/org/ros/chatto/model/MessageCipher.java 
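Review bot: `postMessage` saves the deserialized request body straight to `messageCipherRepository` with no validation and no link to the caller, and this commit's security configuration permits POST under /api/** without authentication, so if the controller is mapped under /api (its class-level mapping is outside the hunk) anyone can insert arbitrary rows. Validate the body (`@Valid @RequestBody MessageCipher messageCipher` plus size and range constraints on the entity fields) and record the authenticated sender with each message. `System.out.println("Message cipher = " + messageCipher)` writes each message's IV, salt and ciphertext to stdout; remove it or log only an identifier at debug level through the application logger. `getAllCiphers` returns every stored message to any caller who passes the GET rule, and the commented-out `Car` handler is unrelated leftover that should be deleted.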
@@ -0,0 +1,42 @@
+package org.ros.chatto.model;
+
+import javax.persistence.Entity;
+import javax.persistence.EntityListeners;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.springframework.data.jpa.domain.support.AuditingEntityListener;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import lombok.Data;
+
+/*Object { iv: "2rtnuXaJXFuQGO9ncaVkmA==", v: 1, iter: 10000, ks: 128, ts: 64, mode: "ccm", adata: "", cipher: "aes", salt: "H1z7o3f6qlQ=", ct: "lF9Uno7ihjVv01M8" }
+this is what the json will look like*/
+@Data
+@Entity
+@Table(name = "message_ciphers")
+@EntityListeners(AuditingEntityListener.class)
+@JsonIgnoreProperties(value = { "id"}, allowGetters = false)
+public class MessageCipher {
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ private int id;
+ private String iv;
+ private int v;
+ @JsonProperty("iter")
+ private int iterations;
+ @JsonProperty("ks")
+ private int keySize;
+ @JsonProperty("ts")
+ private int tagSize;
+ private String mode;
+ private String adata;
+ private String cipher;
+ private String salt;
+ @JsonProperty("ct")
+ private String cipherText;
+}
diff --git a/chatto/src/main/java/org/ros/chatto/repository/MessageCipherRepository.java b/chatto/src/main/java/org/ros/chatto/repository/MessageCipherRepository.java
new file mode 100644
index 0000000..d8b4dc2
--- /dev/null
+++ b/chatto/src/main/java/org/ros/chatto/repository/MessageCipherRepository.java
@@ -0,0 +1,10 @@
+package org.ros.chatto.repository;
+
+import org.ros.chatto.model.MessageCipher;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface MessageCipherRepository extends JpaRepository{
+
+}
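Review bot: In MessageCipher, `cipherText` (and `adata`) use the default String column mapping, which JPA providers typically create as VARCHAR(255), so a longer base64 ciphertext would be rejected or truncated depending on the database; map it with `@Lob` or an explicit `@Column(length = …)`. The entity is also the request body type, so the client-chosen `iter`, `ks`, `ts`, `mode` and `cipher` values are stored unchecked; constrain them with bean-validation annotations (`@Min`/`@Max` on the ints, `@Pattern` or an enum for `mode` and `cipher`). `@EntityListeners(AuditingEntityListener.class)` has no visible effect because no field carries an auditing annotation such as `@CreatedDate`; add a timestamp and sender or drop the listener. The class comment would be clearer as a Javadoc stating that the fields mirror the JSON keys of the encrypted payload shown in the sample.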